constantinople
Comparing version 3.0.2 to 3.1.0
11
index.js
@@ -5,2 +5,3 @@ 'use strict' | ||
var walk = require('acorn/dist/walk'); | ||
var isExpression = require('is-expression'); | ||
@@ -92,11 +93,1 @@ var lastSRC = '(null)'; | ||
} | ||
function isExpression(src) { | ||
try { | ||
eval('throw "STOP"; (function () { return (' + src + '); })()'); | ||
return false; | ||
} | ||
catch (err) { | ||
return err === 'STOP'; | ||
} | ||
} |
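Review bot: The `isExpression` binding added in the first hunk is only a parse check, and nothing in the visible lines says so; its call sites are outside both hunks, so a comment at the require would help, for example `// syntax check only: a src that passes is still untrusted and is not made safe to evaluate`. The removed helper parsed with the running engine (an `eval` that throws before the wrapped source can run), while the replacement delegates to `is-expression`, which appears to parse with acorn, so inputs that one parser accepts and the other rejects may now be classified differently; a regression test listing accepted and rejected inputs would pin that. The check also moves into a third-party package resolved through the caret range `^2.0.1` in package.json, so the resolved version belongs in whatever lockfile or dependency audit consumers keep. The page's "Uses eval" alert suggests dynamic evaluation remains somewhere in the compared package, but that code is not shown in these hunks.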
{ | ||
"name": "constantinople", | ||
"version": "3.0.2", | ||
"description": "Determine whether a JavaScript expression evaluates to a constant (using UglifyJS)", | ||
"keywords": [], | ||
"version": "3.1.0", | ||
"description": "Determine whether a JavaScript expression evaluates to a constant (using acorn)", | ||
"keywords": [ | ||
"acorn", | ||
"ast", | ||
"tooling" | ||
], | ||
"dependencies": { | ||
"acorn": "^2.1.0" | ||
"acorn": "^3.1.0", | ||
"is-expression": "^2.0.1" | ||
}, | ||
@@ -9,0 +14,0 @@ "devDependencies": { |
@@ -6,3 +6,3 @@ # constantinople | ||
[![Build Status](https://img.shields.io/travis/ForbesLindesay/constantinople/master.svg)](https://travis-ci.org/ForbesLindesay/constantinople) | ||
[![Dependency Status](https://img.shields.io/gemnasium/ForbesLindesay/constantinople.svg)](https://gemnasium.com/ForbesLindesay/constantinople) | ||
[![Dependency Status](https://img.shields.io/david/ForbesLindesay/constantinople.svg)](https://david-dm.org/ForbesLindesay/constantinople) | ||
[![NPM version](https://img.shields.io/npm/v/constantinople.svg)](https://www.npmjs.org/package/constantinople) | ||
@@ -9,0 +9,0 @@ |
Uses eval
Supply chain risk: Package uses eval(), which is a dangerous function. This prevents the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
+ Added is-expression@^2.0.1
+ Added acorn@3.3.0 (transitive)
+ Added is-expression@2.1.0 (transitive)
+ Added object-assign@4.1.1 (transitive)
- Removed acorn@2.7.0 (transitive)
Updated acorn@^3.1.0